savetheinternet / Tinyboard

The better imageboard software
http://tinyboard.org
Other
368 stars 311 forks

Send secure cookie #177

Closed jdh8 closed 10 years ago

jdh8 commented 10 years ago

I suggest setting a secure cookie if a mod logs in via HTTPS. https://github.com/jdh8/boards/commit/d819fc498d47c1ca346f3d60d1f2a5b24c79ce35

On my site, mod.php is redirected to HTTPS. Would my patch cause problems on an HTTP/HTTPS dual moderation site?

czaks commented 10 years ago

I believe that no issues would arise, other than having to log in twice.

Another thing is that sessions are tied to IP addresses, but better security is better.

I would also consider setting httpOnly.

On 5 Jun 2014 16:09, "Chen-Pang He" notifications@github.com wrote:

> I suggest setting a secure cookie if a mod logs in via HTTPS. jdh8/boards@d819fc4 https://github.com/jdh8/boards/commit/d819fc498d47c1ca346f3d60d1f2a5b24c79ce35
>
> On my site http://boards.jdh8.org, mod.php is redirected to HTTPS. Would my patch cause problems on an HTTP/HTTPS dual moderation site?


jdh8 commented 10 years ago

HttpOnly is already set on Tinyboard.

By the way, thanks for your imageboard solution. It outperforms old crappy ones.

jdh8 commented 10 years ago

This patch has been committed into vichan. https://github.com/vichan-devel/vichan/commit/6716a24b6844ab2ec1ee7588f1cf024070c395ed
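
The behaviour discussed in this thread, as an added example that is not the code from the linked commits: it sets the Secure attribute only when the login request arrived over HTTPS, keeps HttpOnly on, and shows why a dual HTTP/HTTPS moderation site ends up needing a second login. The function names, the `mod` cookie name and the one-hour lifetime are assumptions.

```php
<?php
// Added example, not Tinyboard or vichan code. All names here are hypothetical.

/** True when the request arrived over TLS (checked directly, not via a proxy header). */
function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

/** Attributes for the moderator session cookie, derived from the request scheme. */
function mod_cookie_options(array $server, int $lifetime): array
{
    return [
        'expires'  => time() + $lifetime,
        'path'     => '/',
        'secure'   => request_is_https($server), // Secure only if the login was over HTTPS
        'httponly' => true,                      // keep the token out of reach of scripts
    ];
}

/** Browser-side rule: a Secure cookie is never attached to a plain-HTTP request. */
function browser_sends_cookie(array $options, string $scheme): bool
{
    return !$options['secure'] || $scheme === 'https';
}

// Constructed request environments for the two login paths.
$logins = [
    'https' => ['HTTPS' => 'on'],
    'http'  => [],
];

foreach ($logins as $loginScheme => $server) {
    $options = mod_cookie_options($server, 3600);
    foreach (['https', 'http'] as $laterScheme) {
        printf(
            "login over %-5s -> Secure=%s, sent on later %-5s request: %s\n",
            $loginScheme,
            $options['secure'] ? 'yes' : 'no',
            $laterScheme,
            browser_sends_cookie($options, $laterScheme) ? 'yes' : 'no'
        );
    }
}

// In a login handler (PHP 7.3+ options-array form of setcookie), with $token
// standing in for the session value:
// setcookie('mod', $token, mod_cookie_options($_SERVER, 3600));
```

The only combination that prints "no" for delivery is an HTTPS login followed by an HTTP request, which is the "log in twice" case; a cookie set over plain HTTP is still sent everywhere, so it stays exposed on the unencrypted path.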